2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* af_llc.c - LLC User Interface SAPs
|
|
|
|
* Description:
|
|
|
|
* Functions in this module are implementation of socket based llc
|
|
|
|
* communications for the Linux operating system. Support of llc class
|
|
|
|
* one and class two is provided via SOCK_DGRAM and SOCK_STREAM
|
|
|
|
* respectively.
|
|
|
|
*
|
|
|
|
* An llc2 connection is (mac + sap), only one llc2 sap connection
|
|
|
|
* is allowed per mac. Though one sap may have multiple mac + sap
|
|
|
|
* connections.
|
|
|
|
*
|
|
|
|
* Copyright (c) 2001 by Jay Schulist <jschlst@samba.org>
|
|
|
|
* 2002-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
|
|
|
|
*
|
|
|
|
* This program can be redistributed or modified under the terms of the
|
|
|
|
* GNU General Public License as published by the Free Software Foundation.
|
|
|
|
* This program is distributed without any warranty or implied warranty
|
|
|
|
* of merchantability or fitness for a particular purpose.
|
|
|
|
*
|
|
|
|
* See the GNU General Public License for more details.
|
|
|
|
*/
|
2005-09-22 15:43:05 +08:00
|
|
|
#include <linux/compiler.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
#include <linux/init.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/slab.h>
|
2017-02-03 02:15:33 +08:00
|
|
|
#include <linux/sched/signal.h>
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <net/llc.h>
|
|
|
|
#include <net/llc_sap.h>
|
|
|
|
#include <net/llc_pdu.h>
|
|
|
|
#include <net/llc_conn.h>
|
2005-08-10 11:08:28 +08:00
|
|
|
#include <net/tcp_states.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* remember: uninitialized global data is zeroed because its in .bss */
|
|
|
|
static u16 llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
|
|
static u16 llc_ui_sap_link_no_max[256];
|
|
|
|
static struct sockaddr_llc llc_ui_addrnull;
|
2005-12-23 04:49:22 +08:00
|
|
|
static const struct proto_ops llc_ui_ops;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-09-16 01:51:25 +08:00
|
|
|
static bool llc_ui_wait_for_conn(struct sock *sk, long timeout);
|
2005-09-22 15:26:14 +08:00
|
|
|
static int llc_ui_wait_for_disc(struct sock *sk, long timeout);
|
|
|
|
static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
#if 0
|
|
|
|
#define dprintk(args...) printk(KERN_DEBUG args)
|
|
|
|
#else
|
2020-02-26 13:08:52 +08:00
|
|
|
#define dprintk(args...) do {} while (0)
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
|
2009-12-26 19:51:00 +08:00
|
|
|
/* Maybe we'll add some more in the future. */
|
|
|
|
#define LLC_CMSG_PKTINFO 1
|
|
|
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/**
|
|
|
|
* llc_ui_next_link_no - return the next unused link number for a sap
|
|
|
|
* @sap: Address of sap to get link number from.
|
|
|
|
*
|
|
|
|
* Return the next unused link number for a given sap.
|
|
|
|
*/
|
2006-03-21 13:27:43 +08:00
|
|
|
static inline u16 llc_ui_next_link_no(int sap)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
return llc_ui_sap_link_no_max[sap]++;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_proto_type - return eth protocol for ARP header type
|
|
|
|
* @arphrd: ARP header type.
|
|
|
|
*
|
|
|
|
* Given an ARP header type return the corresponding ethernet protocol.
|
|
|
|
*/
|
2006-11-08 16:26:05 +08:00
|
|
|
static inline __be16 llc_proto_type(u16 arphrd)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-05-11 05:14:35 +08:00
|
|
|
return htons(ETH_P_802_2);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_addr_null - determines if a address structure is null
|
|
|
|
* @addr: Address to test if null.
|
|
|
|
*/
|
2006-03-21 13:27:43 +08:00
|
|
|
static inline u8 llc_ui_addr_null(struct sockaddr_llc *addr)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
return !memcmp(addr, &llc_ui_addrnull, sizeof(*addr));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_header_len - return length of llc header based on operation
|
|
|
|
* @sk: Socket which contains a valid llc socket type.
|
|
|
|
* @addr: Complete sockaddr_llc structure received from the user.
|
|
|
|
*
|
|
|
|
* Provide the length of the llc header depending on what kind of
|
|
|
|
* operation the user would like to perform and the type of socket.
|
|
|
|
* Returns the correct llc header length.
|
|
|
|
*/
|
2006-03-21 13:27:43 +08:00
|
|
|
static inline u8 llc_ui_header_len(struct sock *sk, struct sockaddr_llc *addr)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
u8 rc = LLC_PDU_LEN_U;
|
|
|
|
|
2021-07-25 05:11:59 +08:00
|
|
|
if (addr->sllc_test)
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = LLC_PDU_LEN_U;
|
2021-07-25 05:11:59 +08:00
|
|
|
else if (addr->sllc_xid)
|
|
|
|
/* We need to expand header to sizeof(struct llc_xid_info)
|
|
|
|
* since llc_pdu_init_as_xid_cmd() sets 4,5,6 bytes of LLC header
|
|
|
|
* as XID PDU. In llc_ui_sendmsg() we reserved header size and then
|
|
|
|
* filled all other space with user data. If we won't reserve this
|
|
|
|
* bytes, llc_pdu_init_as_xid_cmd() will overwrite user data
|
|
|
|
*/
|
|
|
|
rc = LLC_PDU_LEN_U_XID;
|
2005-04-17 06:20:36 +08:00
|
|
|
else if (sk->sk_type == SOCK_STREAM)
|
|
|
|
rc = LLC_PDU_LEN_I;
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_send_data - send data via reliable llc2 connection
|
|
|
|
* @sk: Connection the socket is using.
|
|
|
|
* @skb: Data the user wishes to send.
|
|
|
|
* @noblock: can we block waiting for data?
|
|
|
|
*
|
|
|
|
* Send data via reliable llc2 connection.
|
|
|
|
* Returns 0 upon success, non-zero if action did not succeed.
|
2019-10-07 05:24:26 +08:00
|
|
|
*
|
|
|
|
* This function always consumes a reference to the skb.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
|
|
|
static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock)
|
|
|
|
{
|
|
|
|
struct llc_sock* llc = llc_sk(sk);
|
|
|
|
|
2007-02-09 22:25:01 +08:00
|
|
|
if (unlikely(llc_data_accept_state(llc->state) ||
|
2005-11-15 13:57:46 +08:00
|
|
|
llc->remote_busy_flag ||
|
|
|
|
llc->p_flag)) {
|
2005-09-22 15:26:14 +08:00
|
|
|
long timeout = sock_sndtimeo(sk, noblock);
|
2019-10-07 05:24:26 +08:00
|
|
|
int rc;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rc = llc_ui_wait_for_busy_core(sk, timeout);
|
2019-10-07 05:24:26 +08:00
|
|
|
if (rc) {
|
|
|
|
kfree_skb(skb);
|
|
|
|
return rc;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2019-10-07 05:24:26 +08:00
|
|
|
return llc_build_and_send_pkt(sk, skb);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void llc_ui_sk_init(struct socket *sock, struct sock *sk)
|
|
|
|
{
|
2008-06-17 16:21:03 +08:00
|
|
|
sock_graft(sk, sock);
|
2005-04-17 06:20:36 +08:00
|
|
|
sk->sk_type = sock->type;
|
|
|
|
sock->ops = &llc_ui_ops;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct proto llc_proto = {
|
2006-03-21 13:27:23 +08:00
|
|
|
.name = "LLC",
|
2005-04-17 06:20:36 +08:00
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.obj_size = sizeof(struct llc_sock),
|
2017-01-18 18:53:44 +08:00
|
|
|
.slab_flags = SLAB_TYPESAFE_BY_RCU,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_create - alloc and init a new llc_ui socket
|
2009-11-06 14:18:14 +08:00
|
|
|
* @net: network namespace (must be default network)
|
2005-04-17 06:20:36 +08:00
|
|
|
* @sock: Socket to initialize and attach allocated sk to.
|
|
|
|
* @protocol: Unused.
|
2009-11-06 14:18:14 +08:00
|
|
|
* @kern: on behalf of kernel or userspace
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Allocate and initialize a new llc_ui socket, validate the user wants a
|
|
|
|
* socket type we have available.
|
|
|
|
* Returns 0 upon success, negative upon failure.
|
|
|
|
*/
|
2009-11-06 14:18:14 +08:00
|
|
|
static int llc_ui_create(struct net *net, struct socket *sock, int protocol,
|
|
|
|
int kern)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
int rc = -ESOCKTNOSUPPORT;
|
|
|
|
|
2012-11-16 11:03:07 +08:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_RAW))
|
2008-03-28 11:28:10 +08:00
|
|
|
return -EPERM;
|
|
|
|
|
2009-11-26 07:14:13 +08:00
|
|
|
if (!net_eq(net, &init_net))
|
2007-10-09 14:24:22 +08:00
|
|
|
return -EAFNOSUPPORT;
|
|
|
|
|
2005-09-22 14:59:22 +08:00
|
|
|
if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = -ENOMEM;
|
2015-05-09 10:09:13 +08:00
|
|
|
sk = llc_sk_alloc(net, PF_LLC, GFP_KERNEL, &llc_proto, kern);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (sk) {
|
|
|
|
rc = 0;
|
|
|
|
llc_ui_sk_init(sock, sk);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_release - shutdown socket
|
|
|
|
* @sock: Socket to release.
|
|
|
|
*
|
|
|
|
* Shutdown and deallocate an existing socket.
|
|
|
|
*/
|
|
|
|
static int llc_ui_release(struct socket *sock)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc;
|
|
|
|
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sk == NULL))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
sock_hold(sk);
|
|
|
|
lock_sock(sk);
|
|
|
|
llc = llc_sk(sk);
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: closing local(%02X) remote(%02X)\n", __func__,
|
2005-04-17 06:20:36 +08:00
|
|
|
llc->laddr.lsap, llc->daddr.lsap);
|
|
|
|
if (!llc_send_disc(sk))
|
|
|
|
llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo);
|
2018-04-20 12:54:34 +08:00
|
|
|
if (!sock_flag(sk, SOCK_ZAPPED)) {
|
|
|
|
struct llc_sap *sap = llc->sap;
|
|
|
|
|
|
|
|
/* Hold this for release_sock(), so that llc_backlog_rcv()
|
|
|
|
* could still use it.
|
|
|
|
*/
|
|
|
|
llc_sap_hold(sap);
|
2005-04-17 06:20:36 +08:00
|
|
|
llc_sap_remove_socket(llc->sap, sk);
|
2018-04-20 12:54:34 +08:00
|
|
|
release_sock(sk);
|
|
|
|
llc_sap_put(sap);
|
|
|
|
} else {
|
|
|
|
release_sock(sk);
|
|
|
|
}
|
2022-06-08 12:39:55 +08:00
|
|
|
netdev_put(llc->dev, &llc->dev_tracker);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock_put(sk);
|
llc: call sock_orphan() at release time
syzbot reported an interesting trace [1] caused by a stale sk->sk_wq
pointer in a closed llc socket.
In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after
calling proto_ops::release()") Eric Biggers hinted that some protocols
are missing a sock_orphan(), we need to perform a full audit.
In net-next, I plan to clear sock->sk from sock_orphan() and
amend Eric patch to add a warning.
[1]
BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]
BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]
BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27
CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601
list_empty include/linux/list.h:373 [inline]
waitqueue_active include/linux/wait.h:127 [inline]
sock_def_write_space_wfree net/core/sock.c:3384 [inline]
sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080
skb_release_all net/core/skbuff.c:1092 [inline]
napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404
e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970
e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]
e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801
__napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553
run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x31/0x60 kernel/softirq.c:913
smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164
kthread+0x2c6/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:314 [inline]
__kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3813 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3019 [inline]
sock_alloc_inode+0x25/0x1c0 net/socket.c:308
alloc_inode+0x5d/0x220 fs/inode.c:260
new_inode_pseudo+0x16/0x80 fs/inode.c:1005
sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535
sock_create net/socket.c:1622 [inline]
__sys_socket_create net/socket.c:1659 [inline]
__sys_socket+0x14c/0x260 net/socket.c:1706
__do_sys_socket net/socket.c:1720 [inline]
__se_sys_socket net/socket.c:1718 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Freed by task 0:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline]
__kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2121 [inline]
slab_free mm/slub.c:4299 [inline]
kmem_cache_free+0x129/0x350 mm/slub.c:4363
i_callback+0x43/0x70 fs/inode.c:249
rcu_do_batch kernel/rcu/tree.c:2158 [inline]
rcu_core+0x819/0x1680 kernel/rcu/tree.c:2433
__do_softirq+0x21a/0x8de kernel/softirq.c:553
Last potentially related work creation:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
__kasan_record_aux_stack+0xba/0x100 mm/kasan/generic.c:586
__call_rcu_common.constprop.0+0x9a/0x7b0 kernel/rcu/tree.c:2683
destroy_inode+0x129/0x1b0 fs/inode.c:315
iput_final fs/inode.c:1739 [inline]
iput.part.0+0x560/0x7b0 fs/inode.c:1765
iput+0x5c/0x80 fs/inode.c:1755
dentry_unlink_inode+0x292/0x430 fs/dcache.c:400
__dentry_kill+0x1ca/0x5f0 fs/dcache.c:603
dput.part.0+0x4ac/0x9a0 fs/dcache.c:845
dput+0x1f/0x30 fs/dcache.c:835
__fput+0x3b9/0xb70 fs/file_table.c:384
task_work_run+0x14d/0x240 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa8a/0x2ad0 kernel/exit.c:871
do_group_exit+0xd4/0x2a0 kernel/exit.c:1020
__do_sys_exit_group kernel/exit.c:1031 [inline]
__se_sys_exit_group kernel/exit.c:1029 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
The buggy address belongs to the object at ffff88802f4fc800
which belongs to the cache sock_inode_cache of size 1408
The buggy address is located 128 bytes inside of
freed 1408-byte region [ffff88802f4fc800, ffff88802f4fcd80)
The buggy address belongs to the physical page:
page:ffffea0000bd3e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f4f8
head:ffffea0000bd3e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff888013b06b40 0000000000000000 0000000000000001
raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4956, tgid 4956 (sshd), ts 31423924727, free_ts 0
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x2d0/0x350 mm/page_alloc.c:1533
prep_new_page mm/page_alloc.c:1540 [inline]
get_page_from_freelist+0xa28/0x3780 mm/page_alloc.c:3311
__alloc_pages+0x22f/0x2440 mm/page_alloc.c:4567
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
alloc_slab_page mm/slub.c:2190 [inline]
allocate_slab mm/slub.c:2354 [inline]
new_slab+0xcc/0x3a0 mm/slub.c:2407
___slab_alloc+0x4af/0x19a0 mm/slub.c:3540
__slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3625
__slab_alloc_node mm/slub.c:3678 [inline]
slab_alloc_node mm/slub.c:3850 [inline]
kmem_cache_alloc_lru+0x379/0x6f0 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3019 [inline]
sock_alloc_inode+0x25/0x1c0 net/socket.c:308
alloc_inode+0x5d/0x220 fs/inode.c:260
new_inode_pseudo+0x16/0x80 fs/inode.c:1005
sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535
sock_create net/socket.c:1622 [inline]
__sys_socket_create net/socket.c:1659 [inline]
__sys_socket+0x14c/0x260 net/socket.c:1706
__do_sys_socket net/socket.c:1720 [inline]
__se_sys_socket net/socket.c:1718 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
page_owner free stack trace missing
Memory state around the buggy address:
ffff88802f4fc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88802f4fc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802f4fc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88802f4fc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88802f4fc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Fixes: 43815482370c ("net: sock_def_readable() and friends RCU conversion")
Reported-and-tested-by: syzbot+32b89eaa102b372ff76d@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20240126165532.3396702-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-01-27 00:55:32 +08:00
|
|
|
sock_orphan(sk);
|
|
|
|
sock->sk = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
llc_sk_free(sk);
|
|
|
|
out:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_autoport - provide dynamically allocate SAP number
|
|
|
|
*
|
|
|
|
* Provide the caller with a dynamically allocated SAP number according
|
|
|
|
* to the rules that are set in this function. Returns: 0, upon failure,
|
|
|
|
* SAP number otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_autoport(void)
|
|
|
|
{
|
|
|
|
struct llc_sap *sap;
|
|
|
|
int i, tries = 0;
|
|
|
|
|
|
|
|
while (tries < LLC_SAP_DYN_TRIES) {
|
|
|
|
for (i = llc_ui_sap_last_autoport;
|
|
|
|
i < LLC_SAP_DYN_STOP; i += 2) {
|
|
|
|
sap = llc_sap_find(i);
|
|
|
|
if (!sap) {
|
|
|
|
llc_ui_sap_last_autoport = i + 2;
|
|
|
|
goto out;
|
|
|
|
}
|
2005-09-22 15:43:05 +08:00
|
|
|
llc_sap_put(sap);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
|
|
tries++;
|
|
|
|
}
|
|
|
|
i = 0;
|
|
|
|
out:
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2005-09-22 14:56:26 +08:00
|
|
|
* llc_ui_autobind - automatically bind a socket to a sap
|
|
|
|
* @sock: socket to bind
|
|
|
|
* @addr: address to connect to
|
|
|
|
*
|
|
|
|
* Used by llc_ui_connect and llc_ui_sendmsg when the user hasn't
|
|
|
|
* specifically used llc_ui_bind to bind to an specific address/sap
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Returns: 0 upon success, negative otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
2022-03-25 11:58:27 +08:00
|
|
|
struct net_device *dev = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct llc_sap *sap;
|
|
|
|
int rc = -EINVAL;
|
|
|
|
|
|
|
|
if (!sock_flag(sk, SOCK_ZAPPED))
|
|
|
|
goto out;
|
2020-06-28 04:31:50 +08:00
|
|
|
if (!addr->sllc_arphrd)
|
|
|
|
addr->sllc_arphrd = ARPHRD_ETHER;
|
|
|
|
if (addr->sllc_arphrd != ARPHRD_ETHER)
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = -ENODEV;
|
2009-12-26 19:51:01 +08:00
|
|
|
if (sk->sk_bound_dev_if) {
|
2022-03-25 11:58:27 +08:00
|
|
|
dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if);
|
|
|
|
if (dev && addr->sllc_arphrd != dev->type) {
|
|
|
|
dev_put(dev);
|
|
|
|
dev = NULL;
|
2009-12-26 19:51:01 +08:00
|
|
|
}
|
|
|
|
} else
|
2022-03-25 11:58:27 +08:00
|
|
|
dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
|
|
|
|
if (!dev)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EUSERS;
|
|
|
|
llc->laddr.lsap = llc_ui_autoport();
|
|
|
|
if (!llc->laddr.lsap)
|
|
|
|
goto out;
|
|
|
|
rc = -EBUSY; /* some other network layer is using the sap */
|
|
|
|
sap = llc_sap_open(llc->laddr.lsap, NULL);
|
|
|
|
if (!sap)
|
|
|
|
goto out;
|
2022-03-25 11:58:27 +08:00
|
|
|
|
|
|
|
/* Note: We do not expect errors from this point. */
|
|
|
|
llc->dev = dev;
|
|
|
|
netdev_tracker_alloc(llc->dev, &llc->dev_tracker, GFP_KERNEL);
|
|
|
|
dev = NULL;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
memcpy(llc->laddr.mac, llc->dev->dev_addr, IFHWADDRLEN);
|
|
|
|
memcpy(&llc->addr, addr, sizeof(llc->addr));
|
|
|
|
/* assign new connection to its SAP */
|
|
|
|
llc_sap_add_socket(sap, sk);
|
|
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
|
|
rc = 0;
|
|
|
|
out:
|
2022-03-25 11:58:27 +08:00
|
|
|
dev_put(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_bind - bind a socket to a specific address.
|
|
|
|
* @sock: Socket to bind an address to.
|
|
|
|
* @uaddr: Address the user wants the socket bound to.
|
|
|
|
* @addrlen: Length of the uaddr structure.
|
|
|
|
*
|
|
|
|
* Bind a socket to a specific address. For llc a user is able to bind to
|
2005-09-22 14:56:26 +08:00
|
|
|
* a specific sap only or mac + sap.
|
2005-04-17 06:20:36 +08:00
|
|
|
* If the user desires to bind to a specific mac + sap, it is possible to
|
|
|
|
* have multiple sap connections via multiple macs.
|
|
|
|
* Bind and autobind for that matter must enforce the correct sap usage
|
|
|
|
* otherwise all hell will break loose.
|
|
|
|
* Returns: 0 upon success, negative otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
|
|
|
|
{
|
|
|
|
struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
2022-03-25 11:58:27 +08:00
|
|
|
struct net_device *dev = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct llc_sap *sap;
|
|
|
|
int rc = -EINVAL;
|
|
|
|
|
2017-05-25 14:07:18 +08:00
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EAFNOSUPPORT;
|
2020-06-28 04:31:50 +08:00
|
|
|
if (!addr->sllc_arphrd)
|
|
|
|
addr->sllc_arphrd = ARPHRD_ETHER;
|
|
|
|
if (unlikely(addr->sllc_family != AF_LLC || addr->sllc_arphrd != ARPHRD_ETHER))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2019-04-12 18:55:14 +08:00
|
|
|
dprintk("%s: binding %02X\n", __func__, addr->sllc_sap);
|
2005-09-22 15:44:55 +08:00
|
|
|
rc = -ENODEV;
|
2010-12-05 09:23:53 +08:00
|
|
|
rcu_read_lock();
|
2009-12-26 19:51:01 +08:00
|
|
|
if (sk->sk_bound_dev_if) {
|
2022-03-25 11:58:27 +08:00
|
|
|
dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if);
|
|
|
|
if (dev) {
|
2013-09-02 04:11:55 +08:00
|
|
|
if (is_zero_ether_addr(addr->sllc_mac))
|
2022-03-25 11:58:27 +08:00
|
|
|
memcpy(addr->sllc_mac, dev->dev_addr,
|
2009-12-26 19:51:01 +08:00
|
|
|
IFHWADDRLEN);
|
2022-03-25 11:58:27 +08:00
|
|
|
if (addr->sllc_arphrd != dev->type ||
|
2013-09-02 04:11:55 +08:00
|
|
|
!ether_addr_equal(addr->sllc_mac,
|
2022-03-25 11:58:27 +08:00
|
|
|
dev->dev_addr)) {
|
2009-12-26 19:51:01 +08:00
|
|
|
rc = -EINVAL;
|
2022-03-25 11:58:27 +08:00
|
|
|
dev = NULL;
|
2009-12-26 19:51:01 +08:00
|
|
|
}
|
|
|
|
}
|
2022-03-25 11:58:27 +08:00
|
|
|
} else {
|
|
|
|
dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd,
|
2009-12-26 19:51:01 +08:00
|
|
|
addr->sllc_mac);
|
2022-03-25 11:58:27 +08:00
|
|
|
}
|
|
|
|
dev_hold(dev);
|
2010-12-05 09:23:53 +08:00
|
|
|
rcu_read_unlock();
|
2022-03-25 11:58:27 +08:00
|
|
|
if (!dev)
|
2005-09-22 15:44:55 +08:00
|
|
|
goto out;
|
2022-03-25 11:58:27 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!addr->sllc_sap) {
|
|
|
|
rc = -EUSERS;
|
|
|
|
addr->sllc_sap = llc_ui_autoport();
|
|
|
|
if (!addr->sllc_sap)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
sap = llc_sap_find(addr->sllc_sap);
|
|
|
|
if (!sap) {
|
|
|
|
sap = llc_sap_open(addr->sllc_sap, NULL);
|
|
|
|
rc = -EBUSY; /* some other network layer is using the sap */
|
|
|
|
if (!sap)
|
|
|
|
goto out;
|
|
|
|
} else {
|
|
|
|
struct llc_addr laddr, daddr;
|
|
|
|
struct sock *ask;
|
|
|
|
|
|
|
|
memset(&laddr, 0, sizeof(laddr));
|
|
|
|
memset(&daddr, 0, sizeof(daddr));
|
|
|
|
/*
|
2007-05-09 14:57:56 +08:00
|
|
|
* FIXME: check if the address is multicast,
|
2005-04-17 06:20:36 +08:00
|
|
|
* only SOCK_DGRAM can do this.
|
|
|
|
*/
|
|
|
|
memcpy(laddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
|
|
|
laddr.lsap = addr->sllc_sap;
|
|
|
|
rc = -EADDRINUSE; /* mac + sap clash. */
|
2023-07-19 01:41:50 +08:00
|
|
|
ask = llc_lookup_established(sap, &daddr, &laddr, &init_net);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ask) {
|
|
|
|
sock_put(ask);
|
2005-09-22 15:43:05 +08:00
|
|
|
goto out_put;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
}
|
2022-03-25 11:58:27 +08:00
|
|
|
|
|
|
|
/* Note: We do not expect errors from this point. */
|
|
|
|
llc->dev = dev;
|
|
|
|
netdev_tracker_alloc(llc->dev, &llc->dev_tracker, GFP_KERNEL);
|
|
|
|
dev = NULL;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
llc->laddr.lsap = addr->sllc_sap;
|
|
|
|
memcpy(llc->laddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
|
|
|
memcpy(&llc->addr, addr, sizeof(llc->addr));
|
|
|
|
/* assign new connection to its SAP */
|
|
|
|
llc_sap_add_socket(sap, sk);
|
|
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
|
|
rc = 0;
|
2005-09-22 15:43:05 +08:00
|
|
|
out_put:
|
|
|
|
llc_sap_put(sap);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
2022-03-25 11:58:27 +08:00
|
|
|
dev_put(dev);
|
2017-05-25 14:07:18 +08:00
|
|
|
release_sock(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_shutdown - shutdown a connect llc2 socket.
|
|
|
|
* @sock: Socket to shutdown.
|
|
|
|
* @how: What part of the socket to shutdown.
|
|
|
|
*
|
|
|
|
* Shutdown a connected llc2 socket. Currently this function only supports
|
|
|
|
* shutting down both sends and receives (2), we could probably make this
|
|
|
|
* function such that a user can shutdown only half the connection but not
|
|
|
|
* right now.
|
|
|
|
* Returns: 0 upon success, negative otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_shutdown(struct socket *sock, int how)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int rc = -ENOTCONN;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sk->sk_state != TCP_ESTABLISHED))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EINVAL;
|
|
|
|
if (how != 2)
|
|
|
|
goto out;
|
|
|
|
rc = llc_send_disc(sk);
|
|
|
|
if (!rc)
|
|
|
|
rc = llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo);
|
|
|
|
/* Wake up anyone sleeping in poll */
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_connect - Connect to a remote llc2 mac + sap.
|
|
|
|
* @sock: Socket which will be connected to the remote destination.
|
|
|
|
* @uaddr: Remote and possibly the local address of the new connection.
|
|
|
|
* @addrlen: Size of uaddr structure.
|
|
|
|
* @flags: Operational flags specified by the user.
|
|
|
|
*
|
|
|
|
* Connect to a remote llc2 mac + sap. The caller must specify the
|
|
|
|
* destination mac and address to connect to. If the user hasn't previously
|
|
|
|
* called bind(2) with a smac the address of the first interface of the
|
|
|
|
* specified arp type will be used.
|
|
|
|
* This function will autobind if user did not previously call bind.
|
|
|
|
* Returns: 0 upon success, negative otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr,
|
|
|
|
int addrlen, int flags)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
|
|
struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
|
|
|
|
int rc = -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(addrlen != sizeof(*addr)))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EAFNOSUPPORT;
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(addr->sllc_family != AF_LLC))
|
|
|
|
goto out;
|
|
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
|
|
|
goto out;
|
|
|
|
rc = -EALREADY;
|
|
|
|
if (unlikely(sock->state == SS_CONNECTING))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
/* bind connection to sap if user hasn't done it. */
|
|
|
|
if (sock_flag(sk, SOCK_ZAPPED)) {
|
|
|
|
/* bind to sap with null dev, exclusive */
|
|
|
|
rc = llc_ui_autobind(sock, addr);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
}
|
2005-09-22 15:46:44 +08:00
|
|
|
llc->daddr.lsap = addr->sllc_sap;
|
|
|
|
memcpy(llc->daddr.mac, addr->sllc_mac, IFHWADDRLEN);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock->state = SS_CONNECTING;
|
|
|
|
sk->sk_state = TCP_SYN_SENT;
|
|
|
|
llc->link = llc_ui_next_link_no(llc->sap->laddr.lsap);
|
2005-09-22 14:53:35 +08:00
|
|
|
rc = llc_establish_connection(sk, llc->dev->dev_addr,
|
2005-04-17 06:20:36 +08:00
|
|
|
addr->sllc_mac, addr->sllc_sap);
|
|
|
|
if (rc) {
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: llc_ui_send_conn failed :-(\n", __func__);
|
2005-04-17 06:20:36 +08:00
|
|
|
sock->state = SS_UNCONNECTED;
|
|
|
|
sk->sk_state = TCP_CLOSE;
|
|
|
|
goto out;
|
|
|
|
}
|
2005-09-22 15:22:39 +08:00
|
|
|
|
|
|
|
if (sk->sk_state == TCP_SYN_SENT) {
|
2005-09-22 15:26:14 +08:00
|
|
|
const long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
|
2005-09-22 15:22:39 +08:00
|
|
|
|
|
|
|
if (!timeo || !llc_ui_wait_for_conn(sk, timeo))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
rc = sock_intr_errno(timeo);
|
|
|
|
if (signal_pending(current))
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_state == TCP_CLOSE)
|
|
|
|
goto sock_error;
|
|
|
|
|
|
|
|
sock->state = SS_CONNECTED;
|
|
|
|
rc = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
2005-09-22 15:22:39 +08:00
|
|
|
sock_error:
|
|
|
|
rc = sock_error(sk) ? : -ECONNABORTED;
|
|
|
|
sock->state = SS_UNCONNECTED;
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_listen - allow a normal socket to accept incoming connections
|
|
|
|
* @sock: Socket to allow incoming connections on.
|
|
|
|
* @backlog: Number of connections to queue.
|
|
|
|
*
|
|
|
|
* Allow a normal socket to accept incoming connections.
|
|
|
|
* Returns 0 upon success, negative otherwise.
|
|
|
|
*/
|
|
|
|
static int llc_ui_listen(struct socket *sock, int backlog)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int rc = -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sock->state != SS_UNCONNECTED))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EOPNOTSUPP;
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EAGAIN;
|
|
|
|
if (sock_flag(sk, SOCK_ZAPPED))
|
|
|
|
goto out;
|
|
|
|
rc = 0;
|
2012-04-15 13:58:06 +08:00
|
|
|
if (!(unsigned int)backlog) /* BSDism */
|
2005-04-17 06:20:36 +08:00
|
|
|
backlog = 1;
|
|
|
|
sk->sk_max_ack_backlog = backlog;
|
|
|
|
if (sk->sk_state != TCP_LISTEN) {
|
|
|
|
sk->sk_ack_backlog = 0;
|
|
|
|
sk->sk_state = TCP_LISTEN;
|
|
|
|
}
|
|
|
|
sk->sk_socket->flags |= __SO_ACCEPTCON;
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2005-09-22 15:26:14 +08:00
|
|
|
static int llc_ui_wait_for_disc(struct sock *sk, long timeout)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2016-11-12 02:20:50 +08:00
|
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
2005-09-22 15:22:39 +08:00
|
|
|
int rc = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-11-12 02:20:50 +08:00
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
2005-09-22 15:26:14 +08:00
|
|
|
while (1) {
|
2023-05-10 02:29:48 +08:00
|
|
|
if (sk_wait_event(sk, &timeout,
|
|
|
|
READ_ONCE(sk->sk_state) == TCP_CLOSE, &wait))
|
2005-09-22 15:26:14 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = -ERESTARTSYS;
|
|
|
|
if (signal_pending(current))
|
|
|
|
break;
|
|
|
|
rc = -EAGAIN;
|
|
|
|
if (!timeout)
|
|
|
|
break;
|
2005-09-22 15:22:39 +08:00
|
|
|
rc = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2016-11-12 02:20:50 +08:00
|
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
2005-04-17 06:20:36 +08:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2016-09-16 01:51:25 +08:00
|
|
|
static bool llc_ui_wait_for_conn(struct sock *sk, long timeout)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2016-11-12 02:20:50 +08:00
|
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-11-12 02:20:50 +08:00
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
2005-09-22 15:26:14 +08:00
|
|
|
while (1) {
|
2023-05-10 02:29:48 +08:00
|
|
|
if (sk_wait_event(sk, &timeout,
|
|
|
|
READ_ONCE(sk->sk_state) != TCP_SYN_SENT, &wait))
|
2005-09-22 15:26:14 +08:00
|
|
|
break;
|
2005-09-22 15:22:39 +08:00
|
|
|
if (signal_pending(current) || !timeout)
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
2016-11-12 02:20:50 +08:00
|
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
2005-09-22 15:22:39 +08:00
|
|
|
return timeout;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2005-09-22 15:37:07 +08:00
|
|
|
static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2016-11-12 02:20:50 +08:00
|
|
|
DEFINE_WAIT_FUNC(wait, woken_wake_function);
|
2005-09-22 15:37:07 +08:00
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
|
|
int rc;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-11-12 02:20:50 +08:00
|
|
|
add_wait_queue(sk_sleep(sk), &wait);
|
2005-09-22 15:26:14 +08:00
|
|
|
while (1) {
|
2005-09-22 15:37:07 +08:00
|
|
|
rc = 0;
|
2005-09-22 15:26:14 +08:00
|
|
|
if (sk_wait_event(sk, &timeout,
|
2023-05-10 02:29:48 +08:00
|
|
|
(READ_ONCE(sk->sk_shutdown) & RCV_SHUTDOWN) ||
|
2005-09-22 15:37:07 +08:00
|
|
|
(!llc_data_accept_state(llc->state) &&
|
2005-11-15 13:57:46 +08:00
|
|
|
!llc->remote_busy_flag &&
|
2016-11-12 02:20:50 +08:00
|
|
|
!llc->p_flag), &wait))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
rc = -ERESTARTSYS;
|
|
|
|
if (signal_pending(current))
|
|
|
|
break;
|
|
|
|
rc = -EAGAIN;
|
|
|
|
if (!timeout)
|
|
|
|
break;
|
|
|
|
}
|
2016-11-12 02:20:50 +08:00
|
|
|
remove_wait_queue(sk_sleep(sk), &wait);
|
2005-04-17 06:20:36 +08:00
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2005-09-22 16:14:33 +08:00
|
|
|
static int llc_wait_data(struct sock *sk, long timeo)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int rc;
|
|
|
|
|
2005-09-22 15:26:14 +08:00
|
|
|
while (1) {
|
2005-09-22 15:37:07 +08:00
|
|
|
/*
|
|
|
|
* POSIX 1003.1g mandates this order.
|
|
|
|
*/
|
2005-12-14 15:22:19 +08:00
|
|
|
rc = sock_error(sk);
|
|
|
|
if (rc)
|
2005-09-22 15:37:07 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = 0;
|
2005-09-22 15:37:07 +08:00
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2005-09-22 15:37:07 +08:00
|
|
|
rc = -EAGAIN;
|
|
|
|
if (!timeo)
|
|
|
|
break;
|
|
|
|
rc = sock_intr_errno(timeo);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (signal_pending(current))
|
|
|
|
break;
|
2005-09-22 15:37:07 +08:00
|
|
|
rc = 0;
|
2015-07-25 00:19:25 +08:00
|
|
|
if (sk_wait_data(sk, &timeo, NULL))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2009-12-26 19:51:00 +08:00
|
|
|
static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
struct llc_sock *llc = llc_sk(skb->sk);
|
|
|
|
|
|
|
|
if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
|
|
|
|
struct llc_pktinfo info;
|
|
|
|
|
2016-05-04 04:35:05 +08:00
|
|
|
memset(&info, 0, sizeof(info));
|
2009-12-26 19:51:00 +08:00
|
|
|
info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
|
|
|
|
llc_pdu_decode_dsap(skb, &info.lpi_sap);
|
|
|
|
llc_pdu_decode_da(skb, info.lpi_mac);
|
|
|
|
put_cmsg(msg, SOL_LLC, LLC_OPT_PKTINFO, sizeof(info), &info);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/**
|
|
|
|
* llc_ui_accept - accept a new incoming connection.
|
|
|
|
* @sock: Socket which connections arrive on.
|
|
|
|
* @newsock: Socket to move incoming connection to.
|
2024-05-09 23:20:08 +08:00
|
|
|
* @arg: User specified arguments
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Accept a new incoming connection.
|
|
|
|
* Returns 0 upon success, negative otherwise.
|
|
|
|
*/
|
2024-05-09 23:20:08 +08:00
|
|
|
static int llc_ui_accept(struct socket *sock, struct socket *newsock,
|
|
|
|
struct proto_accept_arg *arg)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk, *newsk;
|
|
|
|
struct llc_sock *llc, *newllc;
|
|
|
|
struct sk_buff *skb;
|
|
|
|
int rc = -EOPNOTSUPP;
|
|
|
|
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: accepting on %02X\n", __func__,
|
2007-02-09 22:25:01 +08:00
|
|
|
llc_sk(sk)->laddr.lsap);
|
2005-04-17 06:20:36 +08:00
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sk->sk_type != SOCK_STREAM))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = -EINVAL;
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(sock->state != SS_UNCONNECTED ||
|
|
|
|
sk->sk_state != TCP_LISTEN))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
/* wait for a connection to arrive. */
|
2005-09-22 15:22:39 +08:00
|
|
|
if (skb_queue_empty(&sk->sk_receive_queue)) {
|
2005-09-22 15:37:07 +08:00
|
|
|
rc = llc_wait_data(sk, sk->sk_rcvtimeo);
|
2005-09-22 15:22:39 +08:00
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
}
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: got a new connection on %02X\n", __func__,
|
2007-02-09 22:25:01 +08:00
|
|
|
llc_sk(sk)->laddr.lsap);
|
2005-04-17 06:20:36 +08:00
|
|
|
skb = skb_dequeue(&sk->sk_receive_queue);
|
|
|
|
rc = -EINVAL;
|
|
|
|
if (!skb->sk)
|
|
|
|
goto frees;
|
|
|
|
rc = 0;
|
|
|
|
newsk = skb->sk;
|
|
|
|
/* attach connection to a new socket. */
|
|
|
|
llc_ui_sk_init(newsock, newsk);
|
|
|
|
sock_reset_flag(newsk, SOCK_ZAPPED);
|
|
|
|
newsk->sk_state = TCP_ESTABLISHED;
|
|
|
|
newsock->state = SS_CONNECTED;
|
|
|
|
llc = llc_sk(sk);
|
|
|
|
newllc = llc_sk(newsk);
|
|
|
|
memcpy(&newllc->addr, &llc->addr, sizeof(newllc->addr));
|
|
|
|
newllc->link = llc_ui_next_link_no(newllc->laddr.lsap);
|
|
|
|
|
|
|
|
/* put original socket back into a clean listen state. */
|
|
|
|
sk->sk_state = TCP_LISTEN;
|
2019-11-06 06:11:52 +08:00
|
|
|
sk_acceptq_removed(sk);
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: ok success on %02X, client on %02X\n", __func__,
|
2005-04-17 06:20:36 +08:00
|
|
|
llc_sk(sk)->addr.sllc_sap, newllc->daddr.lsap);
|
|
|
|
frees:
|
|
|
|
kfree_skb(skb);
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_recvmsg - copy received data to the socket user.
|
|
|
|
* @sock: Socket to copy data from.
|
|
|
|
* @msg: Various user space related information.
|
2005-09-22 19:29:08 +08:00
|
|
|
* @len: Size of user buffer.
|
2005-04-17 06:20:36 +08:00
|
|
|
* @flags: User specified flags.
|
|
|
|
*
|
|
|
|
* Copy received data to the socket user.
|
|
|
|
* Returns non-negative upon success, negative otherwise.
|
|
|
|
*/
|
2015-03-02 15:37:48 +08:00
|
|
|
static int llc_ui_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
|
|
|
|
int flags)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2014-01-18 05:53:15 +08:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_llc *, uaddr, msg->msg_name);
|
2005-09-22 19:29:08 +08:00
|
|
|
const int nonblock = flags & MSG_DONTWAIT;
|
|
|
|
struct sk_buff *skb = NULL;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
2005-04-17 06:20:36 +08:00
|
|
|
size_t copied = 0;
|
2005-09-22 19:29:08 +08:00
|
|
|
u32 peek_seq = 0;
|
2013-12-31 06:40:50 +08:00
|
|
|
u32 *seq, skb_len;
|
2005-09-22 19:29:08 +08:00
|
|
|
unsigned long used;
|
|
|
|
int target; /* Read at least this many bytes */
|
|
|
|
long timeo;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 19:29:08 +08:00
|
|
|
copied = -ENOTCONN;
|
2006-05-26 06:08:59 +08:00
|
|
|
if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2005-09-22 19:29:08 +08:00
|
|
|
|
|
|
|
timeo = sock_rcvtimeo(sk, nonblock);
|
|
|
|
|
|
|
|
seq = &llc->copied_seq;
|
|
|
|
if (flags & MSG_PEEK) {
|
|
|
|
peek_seq = llc->copied_seq;
|
|
|
|
seq = &peek_seq;
|
2007-02-09 22:25:01 +08:00
|
|
|
}
|
2005-09-22 19:29:08 +08:00
|
|
|
|
|
|
|
target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
|
|
|
|
copied = 0;
|
|
|
|
|
|
|
|
do {
|
|
|
|
u32 offset;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We need to check signals first, to get correct SIGURG
|
|
|
|
* handling. FIXME: Need to check this doesn't impact 1003.1g
|
|
|
|
* and move it down to the bottom of the loop
|
|
|
|
*/
|
|
|
|
if (signal_pending(current)) {
|
|
|
|
if (copied)
|
|
|
|
break;
|
|
|
|
copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Next get a buffer. */
|
|
|
|
|
|
|
|
skb = skb_peek(&sk->sk_receive_queue);
|
|
|
|
if (skb) {
|
|
|
|
offset = *seq;
|
|
|
|
goto found_ok_skb;
|
|
|
|
}
|
|
|
|
/* Well, if we have backlog, try to process it now yet. */
|
|
|
|
|
2019-11-07 02:04:11 +08:00
|
|
|
if (copied >= target && !READ_ONCE(sk->sk_backlog.tail))
|
2005-09-22 19:29:08 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
if (copied) {
|
|
|
|
if (sk->sk_err ||
|
|
|
|
sk->sk_state == TCP_CLOSE ||
|
|
|
|
(sk->sk_shutdown & RCV_SHUTDOWN) ||
|
|
|
|
!timeo ||
|
|
|
|
(flags & MSG_PEEK))
|
|
|
|
break;
|
|
|
|
} else {
|
|
|
|
if (sock_flag(sk, SOCK_DONE))
|
|
|
|
break;
|
|
|
|
|
|
|
|
if (sk->sk_err) {
|
|
|
|
copied = sock_error(sk);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
|
|
|
break;
|
|
|
|
|
2006-05-26 06:08:59 +08:00
|
|
|
if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) {
|
2005-09-22 19:29:08 +08:00
|
|
|
if (!sock_flag(sk, SOCK_DONE)) {
|
|
|
|
/*
|
|
|
|
* This occurs when user tries to read
|
|
|
|
* from never connected socket.
|
|
|
|
*/
|
|
|
|
copied = -ENOTCONN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!timeo) {
|
|
|
|
copied = -EAGAIN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (copied >= target) { /* Do not sleep, just process backlog. */
|
|
|
|
release_sock(sk);
|
|
|
|
lock_sock(sk);
|
|
|
|
} else
|
2015-07-25 00:19:25 +08:00
|
|
|
sk_wait_data(sk, &timeo, NULL);
|
2005-09-22 19:29:08 +08:00
|
|
|
|
|
|
|
if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) {
|
2012-05-14 05:56:26 +08:00
|
|
|
net_dbg_ratelimited("LLC(%s:%d): Application bug, race in MSG_PEEK\n",
|
|
|
|
current->comm,
|
|
|
|
task_pid_nr(current));
|
2005-09-22 19:29:08 +08:00
|
|
|
peek_seq = llc->copied_seq;
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
found_ok_skb:
|
2013-12-31 06:40:50 +08:00
|
|
|
skb_len = skb->len;
|
2005-09-22 19:29:08 +08:00
|
|
|
/* Ok so how much can we use? */
|
|
|
|
used = skb->len - offset;
|
|
|
|
if (len < used)
|
|
|
|
used = len;
|
|
|
|
|
|
|
|
if (!(flags & MSG_TRUNC)) {
|
2014-11-06 05:46:40 +08:00
|
|
|
int rc = skb_copy_datagram_msg(skb, offset, msg, used);
|
2005-09-22 19:29:08 +08:00
|
|
|
if (rc) {
|
|
|
|
/* Exception. Bailout! */
|
|
|
|
if (!copied)
|
|
|
|
copied = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*seq += used;
|
|
|
|
copied += used;
|
|
|
|
len -= used;
|
|
|
|
|
2011-12-16 07:01:25 +08:00
|
|
|
/* For non stream protcols we get one packet per recvmsg call */
|
|
|
|
if (sk->sk_type != SOCK_STREAM)
|
|
|
|
goto copy_uaddr;
|
|
|
|
|
2005-09-22 19:29:08 +08:00
|
|
|
if (!(flags & MSG_PEEK)) {
|
2018-10-23 00:24:27 +08:00
|
|
|
skb_unlink(skb, &sk->sk_receive_queue);
|
|
|
|
kfree_skb(skb);
|
2005-09-22 19:29:08 +08:00
|
|
|
*seq = 0;
|
|
|
|
}
|
2006-08-04 07:38:49 +08:00
|
|
|
|
|
|
|
/* Partial read */
|
2013-12-31 06:40:50 +08:00
|
|
|
if (used + offset < skb_len)
|
2006-08-04 07:38:49 +08:00
|
|
|
continue;
|
2005-09-22 19:29:08 +08:00
|
|
|
} while (len > 0);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
release_sock(sk);
|
2005-09-22 19:29:08 +08:00
|
|
|
return copied;
|
|
|
|
copy_uaddr:
|
|
|
|
if (uaddr != NULL && skb != NULL) {
|
|
|
|
memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr));
|
|
|
|
msg->msg_namelen = sizeof(*uaddr);
|
|
|
|
}
|
2009-12-26 19:51:00 +08:00
|
|
|
if (llc_sk(sk)->cmsg_flags)
|
|
|
|
llc_cmsg_rcv(msg, skb);
|
2011-12-16 07:01:25 +08:00
|
|
|
|
|
|
|
if (!(flags & MSG_PEEK)) {
|
2018-10-23 00:24:27 +08:00
|
|
|
skb_unlink(skb, &sk->sk_receive_queue);
|
|
|
|
kfree_skb(skb);
|
2013-12-31 04:37:29 +08:00
|
|
|
*seq = 0;
|
2011-12-16 07:01:25 +08:00
|
|
|
}
|
|
|
|
|
2005-09-22 19:29:08 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_sendmsg - Transmit data provided by the socket user.
|
|
|
|
* @sock: Socket to transmit data from.
|
|
|
|
* @msg: Various user related information.
|
|
|
|
* @len: Length of data to transmit.
|
|
|
|
*
|
|
|
|
* Transmit data provided by the socket user.
|
|
|
|
* Returns non-negative upon success, negative otherwise.
|
|
|
|
*/
|
2015-03-02 15:37:48 +08:00
|
|
|
static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2024-01-19 02:36:25 +08:00
|
|
|
DECLARE_SOCKADDR(struct sockaddr_llc *, addr, msg->msg_name);
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
|
|
int flags = msg->msg_flags;
|
|
|
|
int noblock = flags & MSG_DONTWAIT;
|
2024-01-19 02:36:25 +08:00
|
|
|
int rc = -EINVAL, copied = 0, hdrlen, hh_len;
|
2019-10-07 05:24:26 +08:00
|
|
|
struct sk_buff *skb = NULL;
|
2024-01-19 02:36:25 +08:00
|
|
|
struct net_device *dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
size_t size = 0;
|
|
|
|
|
2008-03-06 12:47:47 +08:00
|
|
|
dprintk("%s: sending from %02X to %02X\n", __func__,
|
2005-04-17 06:20:36 +08:00
|
|
|
llc->laddr.lsap, llc->daddr.lsap);
|
|
|
|
lock_sock(sk);
|
|
|
|
if (addr) {
|
|
|
|
if (msg->msg_namelen < sizeof(*addr))
|
2019-10-07 05:24:26 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
} else {
|
|
|
|
if (llc_ui_addr_null(&llc->addr))
|
2019-10-07 05:24:26 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
addr = &llc->addr;
|
|
|
|
}
|
|
|
|
/* must bind connection to sap if user hasn't done it. */
|
|
|
|
if (sock_flag(sk, SOCK_ZAPPED)) {
|
|
|
|
/* bind to sap with null dev, exclusive. */
|
|
|
|
rc = llc_ui_autobind(sock, addr);
|
|
|
|
if (rc)
|
2019-10-07 05:24:26 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2024-01-19 02:36:25 +08:00
|
|
|
dev = llc->dev;
|
|
|
|
hh_len = LL_RESERVED_SPACE(dev);
|
|
|
|
hdrlen = llc_ui_header_len(sk, addr);
|
2005-04-17 06:20:36 +08:00
|
|
|
size = hdrlen + len;
|
2024-01-19 02:36:25 +08:00
|
|
|
size = min_t(size_t, size, READ_ONCE(dev->mtu));
|
2005-04-17 06:20:36 +08:00
|
|
|
copied = size - hdrlen;
|
2018-05-08 00:02:25 +08:00
|
|
|
rc = -EINVAL;
|
|
|
|
if (copied < 0)
|
2019-10-07 05:24:26 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
release_sock(sk);
|
2024-01-19 02:36:25 +08:00
|
|
|
skb = sock_alloc_send_skb(sk, hh_len + size, noblock, &rc);
|
2005-04-17 06:20:36 +08:00
|
|
|
lock_sock(sk);
|
|
|
|
if (!skb)
|
2019-10-07 05:24:26 +08:00
|
|
|
goto out;
|
2024-01-19 02:36:25 +08:00
|
|
|
if (sock_flag(sk, SOCK_ZAPPED) ||
|
|
|
|
llc->dev != dev ||
|
|
|
|
hdrlen != llc_ui_header_len(sk, addr) ||
|
|
|
|
hh_len != LL_RESERVED_SPACE(dev) ||
|
|
|
|
size > READ_ONCE(dev->mtu))
|
|
|
|
goto out;
|
|
|
|
skb->dev = dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
skb->protocol = llc_proto_type(addr->sllc_arphrd);
|
2024-01-19 02:36:25 +08:00
|
|
|
skb_reserve(skb, hh_len + hdrlen);
|
2014-04-07 09:25:44 +08:00
|
|
|
rc = memcpy_from_msg(skb_put(skb, copied), msg, copied);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
if (sk->sk_type == SOCK_DGRAM || addr->sllc_ua) {
|
|
|
|
llc_build_and_send_ui_pkt(llc->sap, skb, addr->sllc_mac,
|
|
|
|
addr->sllc_sap);
|
2019-10-07 05:24:26 +08:00
|
|
|
skb = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (addr->sllc_test) {
|
|
|
|
llc_build_and_send_test_pkt(llc->sap, skb, addr->sllc_mac,
|
|
|
|
addr->sllc_sap);
|
2019-10-07 05:24:26 +08:00
|
|
|
skb = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (addr->sllc_xid) {
|
|
|
|
llc_build_and_send_xid_pkt(llc->sap, skb, addr->sllc_mac,
|
|
|
|
addr->sllc_sap);
|
2019-10-07 05:24:26 +08:00
|
|
|
skb = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua))
|
|
|
|
goto out;
|
|
|
|
rc = llc_ui_send_data(sk, skb, noblock);
|
2019-10-07 05:24:26 +08:00
|
|
|
skb = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
2019-10-07 05:24:26 +08:00
|
|
|
kfree_skb(skb);
|
|
|
|
if (rc)
|
2005-04-17 06:20:36 +08:00
|
|
|
dprintk("%s: failed sending from %02X to %02X: %d\n",
|
2008-03-06 12:47:47 +08:00
|
|
|
__func__, llc->laddr.lsap, llc->daddr.lsap, rc);
|
2005-04-17 06:20:36 +08:00
|
|
|
release_sock(sk);
|
|
|
|
return rc ? : copied;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_getname - return the address info of a socket
|
|
|
|
* @sock: Socket to get address of.
|
|
|
|
* @uaddr: Address structure to return information.
|
|
|
|
* @peer: Does user want local or remote address information.
|
|
|
|
*
|
|
|
|
* Return the address information of a socket.
|
|
|
|
*/
|
|
|
|
static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr,
|
2018-02-13 03:00:20 +08:00
|
|
|
int peer)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sockaddr_llc sllc;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
2012-08-15 19:31:53 +08:00
|
|
|
int rc = -EBADF;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-08-24 13:55:51 +08:00
|
|
|
memset(&sllc, 0, sizeof(sllc));
|
2005-04-17 06:20:36 +08:00
|
|
|
lock_sock(sk);
|
|
|
|
if (sock_flag(sk, SOCK_ZAPPED))
|
|
|
|
goto out;
|
|
|
|
if (peer) {
|
|
|
|
rc = -ENOTCONN;
|
|
|
|
if (sk->sk_state != TCP_ESTABLISHED)
|
|
|
|
goto out;
|
|
|
|
if(llc->dev)
|
|
|
|
sllc.sllc_arphrd = llc->dev->type;
|
|
|
|
sllc.sllc_sap = llc->daddr.lsap;
|
|
|
|
memcpy(&sllc.sllc_mac, &llc->daddr.mac, IFHWADDRLEN);
|
|
|
|
} else {
|
|
|
|
rc = -EINVAL;
|
|
|
|
if (!llc->sap)
|
|
|
|
goto out;
|
|
|
|
sllc.sllc_sap = llc->sap->laddr.lsap;
|
|
|
|
|
|
|
|
if (llc->dev) {
|
|
|
|
sllc.sllc_arphrd = llc->dev->type;
|
2009-05-13 06:40:12 +08:00
|
|
|
memcpy(&sllc.sllc_mac, llc->dev->dev_addr,
|
2005-04-17 06:20:36 +08:00
|
|
|
IFHWADDRLEN);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sllc.sllc_family = AF_LLC;
|
|
|
|
memcpy(uaddr, &sllc, sizeof(sllc));
|
2018-02-13 03:00:20 +08:00
|
|
|
rc = sizeof(sllc);
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_ioctl - io controls for PF_LLC
|
|
|
|
* @sock: Socket to get/set info
|
|
|
|
* @cmd: command
|
|
|
|
* @arg: optional argument for cmd
|
|
|
|
*
|
|
|
|
* get/set info on llc sockets
|
|
|
|
*/
|
|
|
|
static int llc_ui_ioctl(struct socket *sock, unsigned int cmd,
|
|
|
|
unsigned long arg)
|
|
|
|
{
|
2006-01-04 06:18:33 +08:00
|
|
|
return -ENOIOCTLCMD;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_setsockopt - set various connection specific parameters.
|
|
|
|
* @sock: Socket to set options on.
|
|
|
|
* @level: Socket level user is requesting operations on.
|
|
|
|
* @optname: Operation name.
|
2012-07-10 18:55:09 +08:00
|
|
|
* @optval: User provided operation data.
|
2005-04-17 06:20:36 +08:00
|
|
|
* @optlen: Length of optval.
|
|
|
|
*
|
|
|
|
* Set various connection specific parameters.
|
|
|
|
*/
|
|
|
|
static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
|
2020-07-23 14:09:07 +08:00
|
|
|
sockptr_t optval, unsigned int optlen)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
2010-09-10 09:56:16 +08:00
|
|
|
unsigned int opt;
|
|
|
|
int rc = -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(level != SOL_LLC || optlen != sizeof(int)))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2020-07-23 14:09:07 +08:00
|
|
|
rc = copy_from_sockptr(&opt, optval, sizeof(opt));
|
2005-04-17 06:20:36 +08:00
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
rc = -EINVAL;
|
|
|
|
switch (optname) {
|
|
|
|
case LLC_OPT_RETRY:
|
|
|
|
if (opt > LLC_OPT_MAX_RETRY)
|
|
|
|
goto out;
|
|
|
|
llc->n2 = opt;
|
|
|
|
break;
|
|
|
|
case LLC_OPT_SIZE:
|
|
|
|
if (opt > LLC_OPT_MAX_SIZE)
|
|
|
|
goto out;
|
|
|
|
llc->n1 = opt;
|
|
|
|
break;
|
|
|
|
case LLC_OPT_ACK_TMR_EXP:
|
|
|
|
if (opt > LLC_OPT_MAX_ACK_TMR_EXP)
|
|
|
|
goto out;
|
2005-09-22 15:30:44 +08:00
|
|
|
llc->ack_timer.expire = opt * HZ;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case LLC_OPT_P_TMR_EXP:
|
|
|
|
if (opt > LLC_OPT_MAX_P_TMR_EXP)
|
|
|
|
goto out;
|
2005-09-22 15:30:44 +08:00
|
|
|
llc->pf_cycle_timer.expire = opt * HZ;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case LLC_OPT_REJ_TMR_EXP:
|
|
|
|
if (opt > LLC_OPT_MAX_REJ_TMR_EXP)
|
|
|
|
goto out;
|
2005-09-22 15:30:44 +08:00
|
|
|
llc->rej_sent_timer.expire = opt * HZ;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case LLC_OPT_BUSY_TMR_EXP:
|
|
|
|
if (opt > LLC_OPT_MAX_BUSY_TMR_EXP)
|
|
|
|
goto out;
|
2005-09-22 15:30:44 +08:00
|
|
|
llc->busy_state_timer.expire = opt * HZ;
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case LLC_OPT_TX_WIN:
|
|
|
|
if (opt > LLC_OPT_MAX_WIN)
|
|
|
|
goto out;
|
|
|
|
llc->k = opt;
|
|
|
|
break;
|
|
|
|
case LLC_OPT_RX_WIN:
|
|
|
|
if (opt > LLC_OPT_MAX_WIN)
|
|
|
|
goto out;
|
|
|
|
llc->rw = opt;
|
|
|
|
break;
|
2009-12-26 19:51:00 +08:00
|
|
|
case LLC_OPT_PKTINFO:
|
|
|
|
if (opt)
|
|
|
|
llc->cmsg_flags |= LLC_CMSG_PKTINFO;
|
|
|
|
else
|
|
|
|
llc->cmsg_flags &= ~LLC_CMSG_PKTINFO;
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
default:
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* llc_ui_getsockopt - get connection specific socket info
|
|
|
|
* @sock: Socket to get information from.
|
|
|
|
* @level: Socket level user is requesting operations on.
|
|
|
|
* @optname: Operation name.
|
|
|
|
* @optval: Variable to return operation data in.
|
|
|
|
* @optlen: Length of optval.
|
|
|
|
*
|
|
|
|
* Get connection specific socket information.
|
|
|
|
*/
|
|
|
|
static int llc_ui_getsockopt(struct socket *sock, int level, int optname,
|
|
|
|
char __user *optval, int __user *optlen)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct llc_sock *llc = llc_sk(sk);
|
|
|
|
int val = 0, len = 0, rc = -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
2005-09-22 14:59:22 +08:00
|
|
|
if (unlikely(level != SOL_LLC))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
rc = get_user(len, optlen);
|
|
|
|
if (rc)
|
|
|
|
goto out;
|
|
|
|
rc = -EINVAL;
|
|
|
|
if (len != sizeof(int))
|
|
|
|
goto out;
|
|
|
|
switch (optname) {
|
|
|
|
case LLC_OPT_RETRY:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->n2; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_SIZE:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->n1; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_ACK_TMR_EXP:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->ack_timer.expire / HZ; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_P_TMR_EXP:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->pf_cycle_timer.expire / HZ; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_REJ_TMR_EXP:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->rej_sent_timer.expire / HZ; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_BUSY_TMR_EXP:
|
2005-09-22 15:30:44 +08:00
|
|
|
val = llc->busy_state_timer.expire / HZ; break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case LLC_OPT_TX_WIN:
|
|
|
|
val = llc->k; break;
|
|
|
|
case LLC_OPT_RX_WIN:
|
|
|
|
val = llc->rw; break;
|
2009-12-26 19:51:00 +08:00
|
|
|
case LLC_OPT_PKTINFO:
|
|
|
|
val = (llc->cmsg_flags & LLC_CMSG_PKTINFO) != 0;
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
default:
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
rc = 0;
|
|
|
|
if (put_user(len, optlen) || copy_to_user(optval, &val, len))
|
|
|
|
rc = -EFAULT;
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2009-10-05 13:58:39 +08:00
|
|
|
static const struct net_proto_family llc_ui_family_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_LLC,
|
|
|
|
.create = llc_ui_create,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
};
|
|
|
|
|
2005-12-23 04:49:22 +08:00
|
|
|
static const struct proto_ops llc_ui_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.family = PF_LLC,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = llc_ui_release,
|
|
|
|
.bind = llc_ui_bind,
|
|
|
|
.connect = llc_ui_connect,
|
|
|
|
.socketpair = sock_no_socketpair,
|
|
|
|
.accept = llc_ui_accept,
|
|
|
|
.getname = llc_ui_getname,
|
2018-06-29 00:43:44 +08:00
|
|
|
.poll = datagram_poll,
|
2005-04-17 06:20:36 +08:00
|
|
|
.ioctl = llc_ui_ioctl,
|
|
|
|
.listen = llc_ui_listen,
|
|
|
|
.shutdown = llc_ui_shutdown,
|
|
|
|
.setsockopt = llc_ui_setsockopt,
|
|
|
|
.getsockopt = llc_ui_getsockopt,
|
|
|
|
.sendmsg = llc_ui_sendmsg,
|
|
|
|
.recvmsg = llc_ui_recvmsg,
|
|
|
|
.mmap = sock_no_mmap,
|
|
|
|
};
|
|
|
|
|
2009-02-22 16:02:44 +08:00
|
|
|
static const char llc_proc_err_msg[] __initconst =
|
2007-02-09 22:25:01 +08:00
|
|
|
KERN_CRIT "LLC: Unable to register the proc_fs entries\n";
|
2009-02-22 16:02:44 +08:00
|
|
|
static const char llc_sysctl_err_msg[] __initconst =
|
2007-02-09 22:25:01 +08:00
|
|
|
KERN_CRIT "LLC: Unable to register the sysctl entries\n";
|
2009-02-22 16:02:44 +08:00
|
|
|
static const char llc_sock_err_msg[] __initconst =
|
2007-02-09 22:25:01 +08:00
|
|
|
KERN_CRIT "LLC: Unable to register the network family\n";
|
2005-09-22 15:30:44 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int __init llc2_init(void)
|
|
|
|
{
|
|
|
|
int rc = proto_register(&llc_proto, 0);
|
|
|
|
|
|
|
|
if (rc != 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
llc_build_offset_table();
|
|
|
|
llc_station_init();
|
|
|
|
llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
|
|
|
|
rc = llc_proc_init();
|
2005-09-22 15:30:44 +08:00
|
|
|
if (rc != 0) {
|
|
|
|
printk(llc_proc_err_msg);
|
2012-08-13 10:50:43 +08:00
|
|
|
goto out_station;
|
2005-09-22 15:30:44 +08:00
|
|
|
}
|
|
|
|
rc = llc_sysctl_init();
|
|
|
|
if (rc) {
|
|
|
|
printk(llc_sysctl_err_msg);
|
|
|
|
goto out_proc;
|
|
|
|
}
|
|
|
|
rc = sock_register(&llc_ui_family_ops);
|
|
|
|
if (rc) {
|
|
|
|
printk(llc_sock_err_msg);
|
|
|
|
goto out_sysctl;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
llc_add_pack(LLC_DEST_SAP, llc_sap_handler);
|
|
|
|
llc_add_pack(LLC_DEST_CONN, llc_conn_handler);
|
|
|
|
out:
|
|
|
|
return rc;
|
2005-09-22 15:30:44 +08:00
|
|
|
out_sysctl:
|
|
|
|
llc_sysctl_exit();
|
|
|
|
out_proc:
|
|
|
|
llc_proc_exit();
|
2012-08-13 10:50:43 +08:00
|
|
|
out_station:
|
|
|
|
llc_station_exit();
|
2005-04-17 06:20:36 +08:00
|
|
|
proto_unregister(&llc_proto);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit llc2_exit(void)
|
|
|
|
{
|
|
|
|
llc_station_exit();
|
|
|
|
llc_remove_pack(LLC_DEST_SAP);
|
|
|
|
llc_remove_pack(LLC_DEST_CONN);
|
|
|
|
sock_unregister(PF_LLC);
|
|
|
|
llc_proc_exit();
|
2005-09-22 15:30:44 +08:00
|
|
|
llc_sysctl_exit();
|
2005-04-17 06:20:36 +08:00
|
|
|
proto_unregister(&llc_proto);
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(llc2_init);
|
|
|
|
module_exit(llc2_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_AUTHOR("Procom 1997, Jay Schullist 2001, Arnaldo C. Melo 2001-2003");
|
|
|
|
MODULE_DESCRIPTION("IEEE 802.2 PF_LLC support");
|
|
|
|
MODULE_ALIAS_NETPROTO(PF_LLC);
|